Alpha release

Server/Host/flaskApp.py

@@ -0,0 +1,151 @@
+
+from Server.DB.handler import Order, User
+from flask import Flask, abort,flash, render_template, request, redirect, url_for, jsonify
+# create a session to manage the connection to the database 
+import time
+import configparser
+
+
+from Server.DB.handler import session, QR
+from Server.DB.querys import compare, get, set, add
+
+from flask_login import LoginManager, login_required, login_user, logout_user
+from flask_wtf import FlaskForm
+from flask_wtf.csrf import CSRFProtect
+from wtforms import StringField, PasswordField, SubmitField, BooleanField
+from Tools.qrGenerator import generate_QR_Code
+import os
+
+config = configparser.ConfigParser()
+config.sections()
+config.read('Options.ini')
+
+login_manager = LoginManager()
+
+csrf = CSRFProtect()
+
+app = Flask(__name__)
+SECRET_KEY = os.urandom(32)
+app.config['SECRET_KEY'] = SECRET_KEY
+csrf.init_app(app)
+
+
+login_manager.init_app(app)
+
+#default db values
+# create the Base if not present whit default values like admin+password and qr codes.
+
+if config['OTHER']['first_startup'] == 'True':
+    print("Please enter a Secure Admin Password:")
+    add._create_user('Admin',input())
+    config.set('OTHER', 'first_startup', 'False')
+    with open('Options.ini', 'w') as configfile:
+        config.write(configfile)
+    generate_QR_Code()
+    
+
+@login_manager.user_loader
+def user_loader(username):
+    user = User()
+    user.id = username 
+    print(username, user.id)
+    return user
+
+
+
+class LoginForm(FlaskForm):
+    username = StringField('name')
+    password = PasswordField('Password')
+    remember_me = BooleanField('Remember Me') #TODO
+    submit = SubmitField('Submit')
+
+
+@app.route("/",)
+def view_form():
+    return "loaded"
+
+@app.route("/login", methods=['GET','POST'])
+def login():
+    form = LoginForm()
+    if form.validate_on_submit():
+        user = user_loader(form.username.data)
+        #TODO if username not in User:
+        #TODO return if username or pass wrong a red textbox in ui...
+        if user and compare.is_user_pass_valid(form.username.data, form.password.data):
+            login_user(user) # store user id in session
+            
+            #TODO url_has_allowed_host_and_scheme should check if the url is safe
+            # for redirects, meaning it matches the request host.
+            # See Django's url_has_allowed_host_and_scheme for an example.
+            # if not url_has_allowed_host_and_scheme(next, request.host):
+            #    return abort(400)
+            #next = request.args.get('next') is written in documentaion FLASK 
+            #return redirect(next, url_for('orders')) # redirect to orders page
+            return redirect(url_for('orders')) # redirect to orders page
+    return render_template('login.html', form=form)
+
+@app.route("/logout") #TODO make a button
+@login_required
+def logout():
+    logout_user()
+    return redirect('/')
+
+@app.route("/orders", methods=['GET','POST'])
+@login_required
+def orders(): #TODO on new orderGet refresh orders list
+    if request.method == 'POST':
+        order_id = request.form.get('order_id')
+        action = request.form.get('action')  # 'finish' or 'undo'
+        
+        order = session.get(Order, int(order_id))
+        if order: #SQL error handeling just in case
+            if action == 'finish':
+                order.finished = True
+            elif action == 'undo':
+                order.finished = False
+            session.commit()
+            return jsonify(success=True)
+        return jsonify(success=False)
+
+    return render_template('orders.html', orders=get.all_orders())
+
+@app.route("/order_get", methods=['GET','POST'])
+def order_get():
+    desk= 1
+
+    #POST order
+    if request.method == 'POST' and config['SETTINGS']['lockqrcode_whit_secret'] == True:
+        ordered_list = []
+        desk = request.form['desk']
+        form = request.form
+        for key in form:
+            if key.startswith('order-name.'):
+                name = key.partition('.')[-1]
+                value = request.form[key]
+                ordered_list.append([value,name])
+
+        # Adding order to DB        
+        if compare.process_main(ordered_list, desk):
+            return '<h1>your order got ressived!</h1>'
+        return '<h1>your order coudnt be ressived try again Error:SQL </h1>'
+
+    # Veriefie if auth or not from GET     
+    elif request.method == 'GET':
+        desk = int(request.args['desk'])
+        secret = int(request.args['secret'])
+        try:#TODO FIX! #Feature = True #TODO:Encryption Salting hasing and anti rainbow attack for qr code?? (needed?) 
+            if config['SETTINGS']['lockqrcode_whit_secret'] and compare.is_QRSecret_valid(desk,secret):
+                return render_template('index.html', desk=desk, MAX_DESKS=config['DEFAULT']['max_desks'], orderableItems = get.valid_products(get_json_=True))
+            elif config['SETTINGS']['lockqrcode_whit_secret'] == False:
+                return render_template('index.html', desk=desk, MAX_DESKS=config['DEFAULT']['max_desks'],orderableItems = get.valid_products(get_json_=True))
+            return '<h1>404 wrong Secret?</h1>' #TODO Make the HTML prettier for all 
+        except:
+            return '<h1>Server/code issue?</h1>'
+    elif config['SETTINGS']['lockqrcode_whit_secret'] == True:
+        return '<h1>your LOCKQRCODE is invalid.</h1>'
+    else:
+        return render_template('index.html',desk=desk, MAX_DESKS=config['DEFAULT']['max_desks'],orderableItems = get.valid_products(get_json_=True))
+
+app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///db.db'
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+